I've just started recently to delve into the depths of html/php & co, so basically I'm a noob.
My question is simple: I'm using a php session to store a variable I'm using for an operation on the successive page. This variable is 'id' which is the primary key of my postgreSQL table. The user has a form on the web page in which it inserts the 'id' so as to select a particular row of the database to visualize and modify. Since the operations of visualization and modification are all in successive pages, I wanted the variable to remain memorized through the session (so that it's not required to post it again every time)
$_SESSION[id] = $_POST[id]
The problem arises when on a successive page I try to use a form to modify data on that particular row. I don't want the user to have to submit the 'id' again, so I use a select that involves $_SESSION[id]. But when the user submits the form, $_POST[id] is not specified in that form and its value goes to null. The result is that $_SESSION[id] is null and I cannot access the database using the query.
I found a way to solve the problem, but I find it extremely inelegant. I basically add a hidden section on the form that sends the id variable like this
<input type="hidden" name="id" value="$_SESSION[id]">
Is there a better way to do this?
I really hope my question makes sense to you, feel free to comment for additional info.
Thanks a lot :)
Related
Problem
I am developing an application (in PHP) in which, I will show the user a report of some derived values based on previous entries he had done and the user will check for correctness - if correct, then the user can press Save button to submit it to database. Otherwise, the user should be able to edit previous entries, but he should not be able to change derived values in that report.
For that purpose, I have enclosed these values in a hidden input field, so a normal user can not alter these values, but if web developers could inspect the element in their browser and change these values.
Can we prevent these type of attack? If so, how?
My thoughts
I can make a string of all hidden fields, encrypt it and save in another hidden field - after postback I can cross-verify actual value and encrypted value.
Is this the correct way to achieve this? and how to do this
What do you think?
It's very hard to get a good idea of what you are trying to do but perhaps a solution could be to display a form with input fields disabled (http://www.w3schools.com/tags/att_input_disabled.asp) then have at the bottom of your page e.g. Is this information correct? .. Then 1 option to Save, and one option for No/Edit. Then do an if(isset($_POST['edit'])) { .. run form again but with input fields not disabled }
Only have your SQL update code in the 'edit' section of the code, and have a seperate SQL update code for the save section which just moves the values from wherever you are grabbing them from, to wherever they need to be.
Hope that helps.
If there are derived values that you need to fill out your form, but don't want to use hidden fields - I suggest using session variables that would contain those derived values as needed. Depending on how many of these forms there are, and how many users will be using them - the overhead is usually negligible with this number of fields (in the 30s)... if you discard them when not needed of course.
I have a file which displays the resultset of a query. Now there is an option to compare the individual records (maximum upto 4 simultaneously). Problem is when I switch to next page, the previously selected values for comparison are lost (as the same file loads new records afresh, through pagination algorithm). Is there anyway, I could pass the selected values from the first selection and thereon to the final call(of same page). Technology being used is PHP, MySQL & Javascript. Any help would be highly appreciated. Thanks!
This is a shot in the dark without some sample code or a clear explanation of the pagination, but if you are using a form then you can pass the selections to hidden fields, session variables or some other scoped variable. It appears you are using AJAX, but without the code, I can't give you specifics. If you have full access to the code then a click function on the selection of the elements would allow you to pass the variables via AJAX store them via JAVASCRIPT.
If you can provide a few more details, my answer can be more specific. I would have just asked for clarification but I just joined and don't have the 'reputation' for that yet. ;-)
I'm a bit rusty in PHP,
I'm curently doing an PHP assignment where a user can select and save listed images/data/values into their own collection.
I have inputted all the data and printed it out in a repeat region with recordset paging.
I'm confused about how I am supposed to save a checked checkbox temporary before submission as there a more then 1 page as I'm using recordset paging to output the options.(Meaning: i have selected 2 values in the first page then i click next page to select balance values and finally submit my selection)
TIA
I have read an article on storing in session , that is the solution I guess, but I wonder how I'm supposed to send the value to the session when chaging the page (recordset paging generated by Dreamweaver)
To clarify the previous answers, you will most likely want to create a new $_SESSION variable for each check-box and associate a boolean with it.
You can store the result of a form post in PHP's $_SESSION variable.
Read this post for more information: Storing Form Data as a Session Variable
Also, there has to a tutorial or something in Google Land.
If you need to save the form results without submitting the form, try a JavaScript/AJAX approach. The idea is that you actually do submit the form, but in a behind-the-scenes kind of way (that is, the user never notices it). Essentially, you're going to want to build a "autosave" functionality. Look at these two posts:
Autosaving Form Input Using Prototype and PHP
AJAX Autosave functionality
They probably won't fit your needs exactly, but they should give you a good idea of what you should do.
Note: both of these posts use a timer to trigger their autosave functionality. I would suggest tweaking the trigger to detect any changes in your form instead.
Store them in _SESSION and process when needed.
In a PHP application I'm building, I'd like to have an 'editable' table. The idea is that each row will have an edit button, which, when clicked, will replace certain fields with text fields and select lists and change to a save button. When the user clicks save, the data data should be validated and changed if appropriate.
I'm mainly tackling this as a learning project (I'm aware there's a ton of stuff already out there) and to see if I can get anything 'cool' working. I've created a PHP table-generating class that can take an array of objects as a datasource, and can have columns created based on those class methods.
e.g.
$table = new Table($dataSource);
$table->addColumn('Name', 'getName');
$table->addColumn('Amount Due', array('getOrdersManager', 'getTotalAmountDue')); //First calls getOrdersManager() on each data item and then calls the getTotalAmountDue() on the result
I'd like to try my hand at extending this to be able to the table row and have those changes reflect on the corresponding object in the data source.
I don't really have very much experience with AJAX although it's clearly going to play a very important role in getting this to work correctly.
Any tips on how I should approach such a task?
Edit: I'm not really interesting in looking at Ajax libraries at this point (I do have some experience with jQuery). I'm more interested in learning the basics of Ajax at this point.
my tip is to use jquery(does most of the heavy lifting for you and is easy to learn).
The idea is that each row will have an
edit button, which, when clicked, will
replace certain fields with text
fields and select lists and change to
a save button
http://api.jquery.com/click/
When the user clicks save, the data
data should be validated and changed
if appropriate.
http://api.jquery.com/jQuery.post/
Some things to be aware of/think about:
Are you going to send every field change to the server, or only the whole row (the latter is more resource efficient, but not necessarily as accurate)
How are you going to ensure the data displayed stays accurate even if the update to the server fails for some reason (either a network failure or a DB/validation error)
How will you ensure the user has permission to update the record and that you don't open a security hole by allowing the AJAX responder just to update whatever record it is told to. My approach has been that if a record is shown in the interactive table then the user has the permission to update it, so a cache of record IDs is held in the session when the table is created
Are you going to load options dynamically? If you don't, then a long table can end up containing a lot of HTML because of repetition of the select controls, but again it is more resource efficient not to have a request every time a user clicks into a dropdown. One compromise might be to put the options into a hidden HTML field and load them dynamically into the correct place when a user clicks a dropdown
I am trying to develop a registration page which involves three separate information.
First Page will get contact details
Second page - working details
Third page - study details.
How to keep the form data of the previous pages before posting the form?
You could do it with Ajax - multiple divs and hide/show the appropriate ones.
Or you could POST each page and save the data in the $_SESSION global variable until all pages are complete. Then save it all to the database.
While the other answers are certainly good ideas, you may also want to consider persisting the intermediate data to your database between each page. So, submitting the first page would create the new row, with the columns relating to contact details populated, and a status column set to a value indicating that the submission is not yet complete.
The second page would update that record in the database. The third page would also update the record, as well as the status flag to indicate the submission is complete.
The main benefit to this is that the user can walk away after the first (or second) page, and then return to it later, even if he had closed his browser and his session had expired. (As long as he has a unique URL to return).
This approach might not have a lot of benefit if you are only collecting three pages of data, but if you had many pages, the ability to leave and return later might be more important.
You should take a look at http://jqueryui.com/demos/tabs/, it should be able to do what you need.
While shifting to another page, you just put the values of first page variable in sessions, then you can access the value of previous page at any page, then post the value to the database query. In this way, you can use the use the value of first page at third page, up to when browser is open. As the browser close then variable lost their values.
Back in the day, I would've put hidden fields for all of the previous pages in each subsequent page, so the final submit would have everything... i.e.
Now, I would probably only have one actual page.. with multiple steps implemented by showing/hiding div's and collecting all of the data in one big form, broken up visually for the user... and if I was feeling especially frisky, with frequent validation and final submission through ajax.